We are trying to invite users from two domains into Payroll. One hosted with Exchange online the other with a local mail host. No invites are received when sent, nor is there any indication in the logs as to why. When sending test invites to users Gmail address and two of my locally hosted domains, Gmail goes through, as does one of my locally hosted, while the other does not. Fortunately within the Spam Quarantine Logs of one of my test domains that did not receive the invite I found the reason for the block as that provided in the subject above.
Further scrutiny of the logs (provided below) shows this is, as far as I can tell, quite logical as Sage is sending the invite so that it appears to come [email protected] while in the background sending it from its own own server: za-relay-02.sagesouthafrica.co.za. This is essentially Spoofing which our server is correctly identifying as a possible phising attempt. For whatever reason the MS Exchange Online logs do not show any logs of the invite mail even arriving never mind being blocked for whatever reason.
Please note we have whitelisted @sage.com and now @sagesouthafrica.co.za which has not resolved the issue - invites are still not being received. I understand we can add your servers IP: 197.96.210.136 and 10.64.4.103 to our SPF record however nowhere has this been requested of us by Sage nor can I find any mention of having to do so within your setup documentation, so am asking what your suggested fix to this problem is? For example can the invite not be sent from sagesouthafrica.co.za directly without masquerading as a [email protected]? Or does Sage have to send as a [email protected]?
==============================================
Received: from za-relay-02.sagesouthafrica.co.za ([197.96.210.136]) by spe8.ucebox.co.za with esmtp (Exim 4.89) (envelope-from <[email protected]>) id 1hUdNG-0006fo-7U for [email protected]; Sat, 25 May 2019 22:34:38 +0200
Received: from SOFISHABWEB69.sageza.hosting (Not Verified[10.64.4.103]) by za-relay-02.sagesouthafrica.co.za with Trustwave SEG (v7, 3, 6, 7949) id <B5ce9a6c80000>; Sat, 25 May 2019 22:34:17 +0200
Received: from SOFISHABWEB69 ([127.0.0.1]) by SOFISHABWEB69.sageza.hosting with Microsoft SMTPSVC(10.0.14393.0); Sat, 25 May 2019 22:34:16 +0200
MIME-Version: 1.0
From: "[email protected]>
To: "TEST 2" <[email protected]>
Reply-To: [email protected]
Date: 25 May 2019 22:34:16 +0200
Subject: New user Activation for Sage Business Cloud Payroll Professional for site code U53431
Message-ID: <[email protected]>
X-OriginalArrivalTime: 25 May 2019 20:34:16.0112 (UTC) FILETIME=[389C2B00:01D51339]
Received-SPF: fail (spe8.ucebox.co.za: domain of superuserdomain.co.za does not designate 197.96.210.136 as permitted sender) client-ip=197.96.210.136; [email protected]; helo=za-relay-02.sagesouthafrica.co.za;
X-SPF-Result: spe8.ucebox.co.za: domain of superuserdomain.co.za does not designate 197.96.210.136 as permitted sender
Authentication-Results: ucebox.co.za; spf=fail [email protected]
X-Afrihost-Class: phish
X-Afrihost-Evidence: SPF
===============================================